"C:\Program Files\Google\Chrome\Application\chrome.exe" --ssl-key-log-file=%USERPROFILE%\Desktop\keylog.txt
Thursday, August 22, 2024
Dump ssl keys with chrome for usage with Wireshark
Sunday, February 18, 2024
docker rar2fs on synology
If you do not want rar2fs to modify your files when opening them, make sure /source is mounted read-only (ro).
docker run \
  -d \
  --init \
  --name rar2fs \
  --cap-add MKNOD \
  --cap-add SYS_ADMIN \
  --device /dev/fuse \
  --network none \
  --security-opt apparmor:unconfined \
  -v /volume1/rarfiles:/source:ro \
  -v /volume1/unrarred:/destination:rshared \
  zimme/rar2fs
Tuesday, January 30, 2024
configure nginx
I want to use Certbot with Let’s Encrypt, but I don’t want my webserver to hand over the certificate to everyone knocking at my front door at port 443.
Here’s how: I presume you have nginx and certbot installed.
Generate a self-signed certificate:
sudo mkdir -p /etc/nginx/ssl/
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
Now use this certificate for the default listener. Also respond with HTTP 444, nginx's non-standard status that closes the connection without sending a response.
server {
    server_name _;
    listen 80 default_server;
    listen 443 ssl default_server;
    # sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
    return 444; # no response
}
After that, all you have to do is create a file in /etc/nginx/sites-enabled/ e.g. blog.mydomain.com
server {
    listen 443 ssl;
    server_name blog.mydomain.com;
    root /var/www/blog.mydomain.com;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
}
Reload nginx.
Then run Certbot and follow the steps:
certbot --nginx --staple-ocsp -d blog.mydomain.com
Connecting with SSL without the proper hostname (SNI/Host header) now presents the self-signed certificate and gets an empty response.
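To confirm the result after a reload, the check below compares the certificate served without SNI to the one served for the real hostname. It is an added example, not part of the original post; the function names are made up for illustration, and it assumes an OpenSSL new enough to support `s_client -noservername` (1.1.1 or later).

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Read one PEM certificate on stdin; succeed if subject == issuer, which is
# what the `openssl req -x509` certificate on the default listener looks like.
cert_is_self_issued() (
    pem=$(cat)
    subject=$(printf '%s\n' "$pem" | openssl x509 -noout -subject -nameopt RFC2253 2>/dev/null | sed 's/^[a-z]*= *//')
    issuer=$(printf '%s\n' "$pem" | openssl x509 -noout -issuer -nameopt RFC2253 2>/dev/null | sed 's/^[a-z]*= *//')
    [ -n "$subject" ] && [ "$subject" = "$issuer" ]
)

# fetch_cert ADDRESS [SNI]: print the leaf certificate the server presents.
fetch_cert() (
    if [ -n "${2:-}" ]; then
        sni_opt="-servername $2"
    else
        sni_opt="-noservername"   # send no SNI at all, like a scanner hitting the IP
    fi
    openssl s_client -connect "$1:443" $sni_opt </dev/null 2>/dev/null | openssl x509 2>/dev/null
)

# check_default_listener ADDRESS HOSTNAME
# Returns 0 when only the named vhost hands out the CA-issued certificate.
check_default_listener() (
    rc=0
    anon=$(fetch_cert "$1")
    named=$(fetch_cert "$1" "$2")
    if [ -z "$anon" ] || [ -z "$named" ]; then
        echo "FAIL: could not fetch a certificate from $1:443"; exit 2
    fi
    if printf '%s\n' "$anon" | cert_is_self_issued; then
        echo "OK: no SNI -> self-signed default certificate"
    else
        echo "FAIL: no SNI still returns a CA-issued certificate"; rc=1
    fi
    if printf '%s\n' "$named" | cert_is_self_issued; then
        echo "FAIL: SNI $2 returns the self-signed certificate"; rc=1
    else
        echo "OK: SNI $2 -> CA-issued certificate"
    fi
    exit $rc
)

# Run only when called as: sh check.sh ADDRESS HOSTNAME
if [ "$#" -eq 2 ]; then check_default_listener "$1" "$2"; fi
```

Run it against the server's IP address and the vhost name, for example `sh check.sh 203.0.113.10 blog.mydomain.com` (the address is a documentation placeholder).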